Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release. (b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇. (c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions. (d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 77 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-cdansereau- ▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 45 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting contacting: ▇▇. ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇▇ Data Privacy Officer Arlington Central School District ▇▇▇ ▇▇▇▇ ▇▇▇, Director for Data Privacy & Professional Learning directly by ▇ Road LaGrangeville,NY 12540 or via email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇.▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Arlington Central School District Contact or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ [Arlington Central School District Contact] or his/her designee.
Appears in 32 contracts
Sources: Vendor Data Sharing and Confidentiality Agreement, Vendor Data Sharing and Confidentiality Agreement, Vendor Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning Protection Officer, directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇.▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ , Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ , Data Protection Officer or his/her designee.
Appears in 29 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇the Data Privacy Officer, ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling (▇▇▇-) ▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇the Data Privacy Officer, ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇the Data Privacy Officer, ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 26 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇the ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Central School District’s Data Privacy & Professional Learning Protection Officer directly by email at ▇▇▇@▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling (▇▇▇-) ▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Central School District’s Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Central School District’s Data Protection Officer or his/her designee.
Appears in 18 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇. ▇▇▇▇▇▇ ▇▇▇▇▇▇, Director Assistant Superintendent for Data Privacy & Professional Learning Educational and Support Programs directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇. ▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇. ▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 16 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇[▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning ] directly by email at ▇▇▇▇▇▇▇▇▇▇-[▇▇▇▇▇▇@▇▇▇▇▇.▇▇▇▇▇.▇▇▇ ] or by calling [▇▇▇-▇▇▇-▇▇▇▇].
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇[▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ] or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇[▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ] or his/her designee.
Appears in 14 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning Panama Central School directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling (▇▇▇-)▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 11 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning DataProtection Officer, directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-- ▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ , Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involvedDatainvolved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the ofthe incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ , Data Protection Officer or his/her designee.
Appears in 10 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning [Jasper- Troupsburg Central School District Contact] directly by email at [▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇.▇▇▇▇▇.] or by calling [▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇].
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ [Jasper-Troupsburg Central School District Contact] or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ [Jasper-Troupsburg Central School District Contact] or his/her designee.
Appears in 8 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇▇ Ext.162.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 6 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ or his/her designee▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following
Appears in 6 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting the Data Privacy Officer, ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ -▇▇▇▇▇▇, Director for Data Privacy & Professional Learning ▇ directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇./
(c) Vendor will cooperate with the District and provide as much information as possible directly to the Data Privacy Officer, ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ -▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform the Data Privacy Officer, ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ -▇▇▇▇▇▇ or his/her designee.
Appears in 5 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇ ▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling (▇▇▇-) ▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Central School District or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Central School District or his/her designee.
Appears in 5 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 4 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at [▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇.▇▇▇▇▇.] or by calling [▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇].
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 4 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇518.561.0100 x343.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 3 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-@▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 3 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for the Data Privacy & Professional Learning Protection Officer directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇ ▇▇▇-- ▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the Data Protection Officer or his/her designee.
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ or his▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/her designeereport- improper-disclosure.
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ or his▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/her designee.report-improper-disclosure. 8/30/2023
Appears in 2 contracts
Sources: Master License and Service Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting contacting: ▇▇. ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇▇ Data Privacy Officer Arlington Central School District ▇▇▇ ▇▇▇▇ ▇▇▇, Director for Data Privacy & Professional Learning directly by ▇ Road LaGrangeville,NY 12540 or via email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇.▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Arlington Central School District Contact or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Arlington Central School District Contact or his/her designee.
Appears in 2 contracts
Sources: Vendor Data Sharing and Confidentiality Agreement, Vendor Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data- privacy-security/report-improper-disclosure. ▇▇▇▇▇▇ ▇▇▇▇▇▇ CEO 5/30/2024 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Tools for Schools, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). of Vendor under the MLSA and applicable state and federal law. Vendor will ensure that such subcontractors, assignees, or other authorized agents abide by the provisions of these agreements by: any and all sub-contractors are engaged in such a way as to preserve the same obligations and protections outlined in this plan.
Appears in 2 contracts
Sources: Master License and Service Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning Protection Officer directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇ ▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ , Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ , Data Protection Officer or his/her designee.
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. ▇▇▇▇▇ ▇▇▇▇▇▇▇ Printed Name Security & Infrastructure Title 8/31/2023 ERIE 1 BOCES AND EDPUZZLE, INC. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Ed puzzle, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or histeachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
a. Vendor shall ensure that, prior to any such disclosure, the assignee, agent or subcontractor receiving data has agreed in writing to comply with data protection obligations consistent with those applicable to Edpuzzle under applicable laws and regulations.
b. Vendor shall assess the privacy and security policies and practices of third-party service providers to ensure such third-party service providers comply with best industry standards, including, but not limited to, ISO and NIST regulations.
c. Vendor only sends personal identifiable information to third-party services that are required to support the service and fully attend Vendor’s user needs.
d. Vendor shall impose the data protection terms on any third-party service provider it appoints that at a minimum meets the requirements provided for by the MLSA ● The MLSA commences on July 1, 2023 and expires on June 30, 2026. ● Upon expiration of the MLSA without renewal and written request by any Participating Educational Agency, or upon termination of the MLSA prior to expiration and written request by any Participating Educational Agency, or at any point upon written request by a Participating Educational Agency, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. In the absence of a written request, Vendor will securely delete or otherwise destroy any and all Protected Data when no longer needed for the purposes for which it was collected, which will be deemed to occur upon eighteen (18) months of end-user account inactivity. If requested by Erie 1 BOCES and/or any Participating Educational Agency prior to the deletion of Protected Data, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. Regarding exportable or retrievable data, teachers/her designeestaff of a Participating Educational Agency will have the ability to download names, responses, results and grades obtained by students in their assignments (i.e., student gradebooks) at any point prior to deletion of accounts. It is not possible to export or retrieve data that is (i) not compatible with the Edpuzzle service (such as “downloading” Edpuzzle videos – be it YouTube embeds or Edpuzzle originals, among others), (ii) technically impossible; or (iii) involve a disproportionate effort for Vendor.
Appears in 2 contracts
Sources: Master License and Service Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will LINCOLN LIBRARY PRESS shall promptly notify the District BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor LINCOLN LIBRARY PRESS has discovered or been informed of the breach or unauthorized release.
(b) Vendor LINCOLN LIBRARY PRESS will provide such notification to the District BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇.▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling (▇▇▇) ▇▇▇-▇▇▇-▇▇▇▇▇ (office).
(c) Vendor LINCOLN LIBRARY PRESS will cooperate with the District ▇▇▇▇▇ and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the General Counsel or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor LINCOLN LIBRARY PRESS discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor LINCOLN LIBRARY PRESS has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor LINCOLN LIBRARY PRESS representatives who can assist affected individuals that may have additional questions.
(d) Vendor LINCOLN LIBRARY PRESS acknowledges that upon initial notification from VendorLINCOLN LIBRARY PRESS, the DistrictBOCES, as the educational agency with which Vendor LINCOLN LIBRARY PRESS contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees LINCOLN LIBRARY PRESS shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor LINCOLN LIBRARY PRESS directly or requests more information from Vendor LINCOLN LIBRARY PRESS regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇, LINCOLN LIBRARY PRESS will promptly inform General Counsel or designees.
(e) LINCOLN LIBRARY PRESS will consult directly with General Counsel or designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law Section 2-d. To further these goals, ▇▇▇▇▇ wishes to inform parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇.▇▇▇▇▇.▇▇▇/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ or his/her designee▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints may be directed to the NYS Chief Privacy Officer by writing to the New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be directed to the Chief Privacy Officer via email at: ▇▇▇@▇▇▇▇.▇▇▇▇▇.▇▇▇. Vice President BOCES has entered into An Agreement (“AGREEMENT”) with LINCOLN LIBRARY PRESS (“LINCOLN LIBRARY PRESS”), which governs the availability to Participating Educational Agencies of the following Product(s):
Appears in 2 contracts
Sources: Master License and Service Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. ▇▇▇▇▇▇ ▇▇▇▇▇ CTO 5/8/2023 ERIE 1 BOCES AND [ AMERICAN READING COMPANY] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with [ American Reading Company] which governs the availability to Participating Educational Agencies of the following Product(s): [ SchoolPace®/eLibraries/SchoolPace Connect®/eBundles] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 2 contracts
Sources: Master License and Services Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES and Participating Educational Agencies in writing of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of determined a the breach or unauthorized releaserelease has occurred.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with Erie 1 BOCES and the District impacted Participating Educational Agencies, and will also provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇- ▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. ▇▇▇ ▇▇▇▇ VP, Bids and Proposals Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Learning A-Z which governs the availability to Participating Educational Agencies of the following Product(s): Raz-Plus Reading A-Z Raz-Kids ELL Edition Connected Classroom Science A-Z Vocabulary A-Z Raz-Plus + ELL Edition Foundations A-Z Writing A-Z Espanol Add-on Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇. ▇▇▇▇▇▇ ▇▇▇▇▇▇, Director Assistant Superintendent for Data Privacy & Professional Learning Educational and Support Programs directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇. ▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇. ▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting contacting: ▇▇. ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as reasonably possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 2 contracts
Sources: Vendor Data Sharing and Confidentiality Agreement, Vendor Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ or his/her designee▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any confirmed breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student’s personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child’s education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. ▇▇▇ ▇▇▇▇ VP Global Controller 7/5/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Renaissance Learning, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Star Reading, Star Math, Star Early Literacy, Star 360, Star Custom, Star Elementary Suite, Star CBM Math, Star CBM Reading, Star CBM Lectura, myIGDIs, Accelerated Reader, myON, myON News, myON Publisher, Freckle ELA, Freckle Math, Freckle Science, Freckle Social Studies, Lalilo, FastBridge, SAEBRs, Renaissance Web Platform Services, Renaissance Data Integration Services, Custom Report Services, Renaissance professional development, and any products acquired by Vendor during the Term Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇. ▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇518.561.0100 x343.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ . ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ . ▇▇▇▇▇▇ or his/her designee.
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. EXHIBIT D (CONTINUED) Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Senior VP, Finance April 15, 2024 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Amplify Education, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Amplify Science, mCLASS with DIBELS 8th Edition, Boost Reading, Boost Lectura Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). hosting service provider), it will require those to whom it discloses Protected Data to execute legallybindingagreementsacknowledgingtheobligation under Section 2-d of the New York State Education Law to comply with the same data security and privacy standards required of Vendor under the MLSA and applicable state and federal law. Vendor will ensure that such subcontractors, assignees, or other authorized agents abide by the provisions of these agreements by: Vendor requires all subcontractors or other authorized persons with access to student, teacher, or principal data to agree in writing to abide by all applicable state and federal laws and regulations. Additionally, as between Vendor and the educational agency, Vendor takes full responsibility for the actions of any such parties.
Appears in 2 contracts
Sources: Master License and Services Agreement, Master License and Services Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ contactingCecilia ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly Learningdirectly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@wswheboces.orgor by calling518-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇581-▇▇▇-▇▇▇▇3518.
(c) Vendor will cooperate with the District and provide as much information as possible directly to toCecilia ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform informCecilia ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning of Technology directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ nettech@waynecsd or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ CSD IT Department or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ [Name of District Contact] or his/her designee.
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇. ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning Officer directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling (▇▇▇) ▇▇▇-▇▇▇-▇ ▇▇▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇. ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇. ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York StateEducation Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data- privacy-security/report-improper-disclosure. ▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇ 9/6/2024 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with GENIALLY LLC which governs the availability to Participating Educational Agencies of the following Product(s): Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Genially LLC which governs the availability to Participating Educational Agencies of the following Product(s): Software services Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). will not be sold, or released or used for any commercial or marketing purposes.
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇. ▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. 6/8/2023 ERIE 1 BOCES AND [BLOCKSI INC.] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with [Blocksi, Inc.] which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇the BOCES Data Protection Officer, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District ▇▇▇▇▇ and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the Data Protection Officer (DPO) or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictBOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District▇▇▇▇▇, Vendor will promptly inform the Data Protection Officer or designees.
(e) Vendor will consult directly with the Data Protection Officer or designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. _A_s__s_o_c_i_a_te__G__e_n__e_r_a_l _C__o_u_n_s_e__l,_C_ IPP/US TEintclyeclopaedia Britannica, Inc. _F_e__b_r_u_a_r_y__3_,_2_0__2_1___&__a_f_fir_m__ed__o_n March 9, 2021 Parents’ Bill of Rights for Data Security and Privacy Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law Section 2-d. To further these goals, ▇▇▇▇▇ wishes to inform parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child’s education record, including any student data maintained by the Capital Region BOCES. This right of inspection of records is consistent with the federal Family Educational Rights and Privacy Act (FERPA). Under the more recently adopted regulations (Education Law §2-d), the rights of inspection are extended to include data, meaning parents have the right to inspect or receive copies of any data in their child’s educational record. The New York State Education Department (SED) will develop further policies and procedures related to these rights in the future. Requests to inspect and review a child’s education record should be directed to: Data Protection Officer, ▇▇▇@▇▇▇▇▇.▇▇▇, ▇▇▇ ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇ ▇▇▇▇, ▇▇▇▇▇▇, ▇▇ ▇▇▇▇▇.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇.▇▇▇▇▇.▇▇▇/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints may be directed to the NYS Chief Privacy Officer by writing to the New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be directed to the Chief Privacy Officer via email at: ▇▇▇@▇▇▇▇.▇▇▇▇▇.▇▇▇. _A_s__s_o_c_i_a_te__G__e_n__e_r_a_l _C__o_u_n_s_e__l,_C_ IPP/US TEintclyeclopaedia Britannica, Inc. _F_e__b_r_u_a_r_y__3_,_2_0__2_1___&__M_a_r_c_h_9_,_2_021 Date BOCES has entered into An Agreement (“AGREEMENT”) with Vendor (“Vendor”), which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the AGREEMENT, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). To enable Encyclopaedia Britannica, Inc. to provide the online, institutional subscription-based products and services subscribed-to by BOCES in the manner described and as intended for use by BOCES and its users. Vendor agrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by Vendor, or any of Vendor’s subcontractors, assignees, or other authorized agents, will not be sold, or released or used for any commercial or marketing purposes.
Appears in 2 contracts
Sources: Data Privacy Agreement, Data Privacy Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/ student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Hapara, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will ▇▇▇▇▇▇▇ shall promptly notify the District BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor ▇▇▇▇▇▇▇ has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for will provide such notification to BOCES by contacting the BOCES Data Privacy & Professional Learning directly by email Officer, at ▇▇▇▇▇▇▇▇▇▇-▇.▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor ▇▇▇▇▇▇▇ will cooperate with the District ▇▇▇▇▇ and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the Data Protection Officer (DPO) or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor ▇▇▇▇▇▇▇ discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor ▇▇▇▇▇▇▇ has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor ▇▇▇▇▇▇▇ representatives who can assist affected individuals that may have additional questions.
(d) Vendor ▇▇▇▇▇▇▇ acknowledges that upon initial notification from Vendor▇▇▇▇▇▇▇, the DistrictBOCES, as the educational agency with which Vendor ▇▇▇▇▇▇▇ contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees ▇▇▇▇▇▇▇ shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor ▇▇▇▇▇▇▇ directly or requests more information from Vendor ▇▇▇▇▇▇▇ regarding the incident after having been initially informed of the incident by the District▇▇▇▇▇, Vendor will promptly inform ▇▇▇▇▇▇▇ will promptly inform the Data Protection Officer or designees.
(e) ▇▇▇▇▇▇▇ will consult directly with the Data Protection Officer or designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. E-SIGNED by ▇▇▇▇▇▇ ▇▇▇▇▇▇ SVP Technology Platforms T0i6t-l2e6-2020 18:13:45 GMT Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law Section 2-d. To further these goals, ▇▇▇▇▇ wishes to inform parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child’s education record, including any student data maintained by the Capital Region BOCES. This right of inspection of records is consistent with the federal Family Educational Rights and Privacy Act (FERPA). Under the more recently adopted regulations (Education Law §2-d), the rights of inspection are extended to include data, meaning parents have the right to inspect or receive copies of any data in their child’s educational record. The New York State Education Department (SED) will develop further policies and procedures related to these rights in the future. Requests to inspect and review a child’s education record should be directed to: Data Privacy Officer, ▇▇▇▇▇▇▇.▇▇▇▇▇@▇▇▇▇▇.▇▇▇, ▇▇▇ ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇ ▇▇▇▇, ▇▇▇▇▇▇, ▇▇ ▇▇▇▇▇.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇.▇▇▇▇▇.▇▇▇/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints may be directed to the NYS Chief Privacy Officer by writing to the New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be directed to the Chief Privacy Officer via email at: ▇▇▇@▇▇▇▇.▇▇▇▇▇.▇▇▇. _E_-_S__IG__N_E__D__b_y__G_e_o__rg_e__G__a_t_s_is___ Signature SVP Technology Platforms _0__6_-_2_6_-_2__0_2_0__1_8__:1__3_:_4_9__G__M__T__ BOCES has entered into An Agreement (“AGREEMENT”) with ▇▇▇▇▇▇▇ (“▇▇▇▇▇▇▇”), which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the AGREEMENT, Participating Educational Agencies may provide to ▇▇▇▇▇▇▇, and ▇▇▇▇▇▇▇ will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). ▇▇▇▇▇▇▇ agrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by ▇▇▇▇▇▇▇, or any of ▇▇▇▇▇▇▇’▇ subcontractors, assignees, or other authorized agents, will not be sold, or released or used for any commercial or marketing purposes.
Appears in 2 contracts
Sources: Data Privacy Agreement, Data Privacy Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 2 contracts
Sources: Data Sharing and Confidentiality Agreement, Data Sharing and Confidentiality Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇▇ (cell). DocuSign Envelope ID: 1BF793A8-▇▇▇▇.A306-4827-A50B-EB4AFCC1DD9E
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report- improper-disclosure. Signature ▇▇▇▇▇▇ ▇▇▇▇▇▇ Printed Name CEO 2/28/2024 DocuSign Envelope ID: 1BF793A8-A306-4827-A50B-EB4AFCC1DD9E Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Tools for Schools, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy Security, Protection & Professional Learning Compliance Officer, Erie 1 BOCES directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ ▇, or by calling (▇▇▇) ▇▇▇-▇▇▇-▇▇▇▇▇ (office).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her his designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have Erie 1 BOCES if it has additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇ or his designee.
(e) Vendor will consult directly with ▇▇▇▇▇ ▇▇▇▇▇▇▇ or his/her designeehis designee prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected school district.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any confirmed breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other RIC or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. ▇▇▇ ▇▇▇▇ VP Global Controller 7/5/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Renaissance Learning, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇the ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Central School District’s Data Privacy & Professional Learning Protection Officer directly by email at ▇▇▇@▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling (▇▇▇-) ▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much all information as possible reasonably needed by the District to comply with applicable law and policy directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Central School District’s Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Central School District’s Data Protection Officer or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. _VP, School Sales Title 5/10/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with [▇▇▇▇, part of Cengage Learning, Inc.] which governs the availability to Participating Educational Agencies of the following Product(s): Miss Humblebees Academy ▇▇▇▇ Interactive Science IMAGO Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning Protection Officer, directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇.▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible is reasonable directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ , Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ , Data Protection Officer or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇[▇▇▇▇▇ ▇▇▇▇▇▇ and ▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning ] directly by email at [▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇.▇▇▇ and ▇▇▇▇▇@▇▇▇▇▇.▇▇▇ ▇] or by calling [▇▇▇-▇▇▇-▇▇▇▇].
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇[▇▇▇▇▇ ▇▇▇▇▇▇ and ▇▇▇▇ ▇▇▇▇] or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇[▇▇▇▇▇ ▇▇▇▇▇▇ and ▇▇▇▇ ▇▇▇▇] or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District▇▇▇▇ 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇- ▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy- security/report-improper-disclosure. ▇▇▇▇▇ ▇▇▇▇▇▇▇ SVP, ▇▇▇▇▇▇▇ School Assessment 9/8/2023 Page 38 of 41 ERIE 1 BOCES AND NCS ▇▇▇▇▇▇▇, INC Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) NCS ▇▇▇▇▇▇▇, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): [aimswebPlus, WriteToLearn, and SSIS Social-Emotional Learning Edition on Review360] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). Oversight of Subcontractors: In the event that Vendor engages subcontractors, assignees, or other authorized agents to perform one or more of its obligations under the MLSA (including any hosting service provider), it will require those to whom it discloses Protected Data to execute legally binding agreements acknowledging the obligation under Section 2-d of the New York State Education Law to comply with the same data security and privacy standards required of Vendor under the MLSA and applicable state and federal law. Vendor will ensure that such subcontractors, assignees, or other authorized agents abide by the provisions of these agreements by providing training for information security and data privacy awareness, information security acceptable use, and code of conduct upon hire and annually thereafter.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. 7/19/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with DreamBox Learning, Inc which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). • The MLSA commences on July 1, 2023 and expires on June 30, 2026. • Upon expiration of the MLSA without renewal, or upon termination of the MLSA prior to expiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. If requested by Erie 1 BOCES and/or any Participating Educational Agency, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. • In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), the Vendor will cooperate with Erie 1 BOCES as necessary to transition Protected Data to the successor Vendor prior to deletion. • Neither Vendor nor any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide Erie 1 BOCES with a certification from an appropriate officer that these requirements have been satisfied in full. Provider may use de-identified, aggregated Play Data for product development and research purposes. From ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇-▇▇▇▇▇▇ Who We Are and What We Do July 8, 2022 cally transforming the wa ▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ in both ng solutions der, is radi y pkins’ Evid ptive learni e believe all students can excel at DreamBox Learning® (DreamBox), the leading K-12 education technology provi the world learns. As the only dual-discipline solution rated “Strong” by ▇▇▇▇▇ ▇▇ mathematics and reading, DreamBox uniquely provides schools high-quality, ada independently proven to accelerate student growth. We built DreamBox because w learning, no matter where they start, where they live, or who they are. We are dedicated to helping students realize their potential, working together with parents, guardians, teachers, principals, and district administrators. Critical to our vision is safeguarding the privacy of every person who uses DreamBox. You can learn more about our company values here. Privacy Statement In this policy, we’ve attempted to provide as much useful information as possible, from many different angles, to help you find whatever answers you might need about our approach to privacy. But, at the core, our approach to privacy is this: DreamBox understands that your data is important, personal, and that it is yours. You shared your data with us so that we can provide you with the DreamBox service, but we don’t own the data: you do. We will not use the data you share to use our services for third-party marketing or other unrelated purposes. We won’t sell it to or share it with any company not directly involved in providing the DreamBox service or services you are using. We will always protect your data, using world-class security measures and practices implemented by vetted, fully-trained personnel. We will be transparent about exactly what data we have from you or about you, how we got that data, and how we use it. If you ask us to delete your data, we will remove you from the DreamBox services, destroy your personal data, and alert you when your removal is complete. We will not collect additional personal information directly from children, or market products to children using the data you provide. See also our statement about Student Privacy, directly below this note. Student Privacy DreamBox Learning is deeply committed to setting a high bar for protecting students’ privacy and sensitive student information across all our learning products. We believe that students, educators, and learning guardians benefit when there is trust in learning. We believe that well-conceived privacy policies and rigorous enforcement of those policies are a core requirement for online learning. As evidence of our commitment to these principles, we’ve signed on to the nationwide Student Privacy Pledge 2020. For students who use our system, we receive information from a school or school district, or a parent or learning guardian. When students use our system, they generate usage and performance data that capture how students interact with lessons. We use that statistical data to measure performance, adapt programs to each student’s learning needs, and provide progress reports to educators and learning guardians. We do not collect personal information from students at any time. We do not market products to students, either within our services or elsewhere. When schools and learning guardians provide student data to use our services, we do not use that data for direct marketing, third-party marketing, or any other unrelated purposes. We will not sell it to or share it with any company not directly involved in providing DreamBox services. Why we have your information DreamBox has your information for one of these reasons: You or your parent or guardian signed up for the DreamBox service An authorized educational institution (a school or school district) shared information about you with DreamBox. For the cases above, we only use your data for the express purpose of providing you the educational service that you, your guardian or your school signed up for. This may include notices about updates and changes to the functionality of the service, or ways in which you can more fully take advantage of the service’s features. If you provide information when inquiring about our products on one of our marketing sites: ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇ , ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or his/her designee▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇, we will use this data to contact you with information about becoming a DreamBox customer. Definitions of some terms used in this policy Individual Customer or customers that are individuals: individuals or families who directly purchased the DreamBox service for personal or family use. Individual Parent: a parent or guardian of a student who directly signed their student up to use the DreamBox service. (In other words, their student was not signed up by a school or district.) Parent: a parent or guardian of a student using the DreamBox service, regardless of how the student was signed up for DreamBox services. School Customer: an educational institution that has purchased the DreamBox service and provisions accounts for individual student users. School Parent: a parent or guardian of a student using the DreamBox service, who has been signed up by a school or district. Student User: any individual using the DreamBox service, whether signed up by a parent or a school. Students may be any age, but DreamBox treats all students as though they are covered by legal protections for children aged 13 or younger. The Information We Collect from Customers Parent’s First and Last Name: You will need to provide a first and last name to access the parent dashboard to track your student’s progress. For Individual Customers, first and last name may also be required by our payment processor for initial processing of credit card payments.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District of any breach of security resulting in a Breach or unauthorized release Unauthorized Release of Protected Data it has received from the District by Vendor or its assignees (an “Incident”) in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed the discovery of such Incident. Such required notifications shall be clear, concise, use language that is plain and easy to understand, and to the extent available, include: a brief description of the breach Incident; the dates of the Incident and the date of discovery, if known; a description of the types of Protected Data affected; an estimate of the number of records affected; a brief description of Vendor’s investigation or unauthorized release.
(b) plan to investigate; and contact information for representatives who can assist Parents or Eligible Students that have additional questions. Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning Protection Officer directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling (▇▇▇)▇▇▇-▇▇▇-▇▇ ▇ ▇▇▇.
(cb) Vendor will cooperate with the District and provide as much information as possible directly law enforcement to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ protect the integrity of investigations into the Incident.
(c) Where an Incident is attributable to Vendor, Vendor shall pay or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within promptly reimburse the District affectedfor the full cost of any notifications required to be given by the District under NY 2-d to affected Parents, what the Vendor has done or plans to do to investigate the incidentEligible Students, stop the breach and mitigate any further unauthorized access or release of Protected Datateachers, and contact information for Vendor representatives who can assist affected individuals that may have additional questionsand/or principals.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency Educational Agency with which Vendor contracts, has an obligation under Section NY 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident Incident after having been initially informed of the incident Incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the Data Protection Officer listed in subsection (a) above or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Pro- tected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable infor- mation involved, an estimate of the number of records affected, the schools within the District Participating Educa- tional Agencies affected, what the Vendor has done or plans to do to investigate the incidentinci- dent, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals individ- uals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and prin- cipal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or trans- ferred.
(4) A complete list of all student data elements collected by the State is available for public re- view at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data ad- dressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-pri- vacy-security/report-improper-disclosure. 5/26/2023 ERIE 1 BOCES AND [MAD-LEARN LLC] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with [MAD- learn LLC] which governs the availability to Participating Educational Agencies of the following Product(s): [MAD-learn] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room ▇▇▇ ▇▇▇, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ or his/her designee▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning Jasper- Troupsburg Central School District Contact directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇ ▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Jasper-Troupsburg Central School District Contact or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Jasper-Troupsburg Central School District Contact or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar business days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇[▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning ] directly by email at ▇▇▇▇▇▇▇▇▇▇-[▇▇▇▇▇▇@▇▇▇▇▇.▇▇▇▇▇.▇▇▇ ] or by calling [▇▇▇-▇▇▇-▇▇▇▇].
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇[▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ] or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇[▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ ] or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) ten calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning the Technology Coordinator directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the Technology Coordinator or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the Technology Coordinator or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with McGraw Hill LLC which governs the availability to Participating Educational Agencies of the following Product(s): [list Product(s) from Vendor] StudySync, IMPACT Social Studies, Networks, Redbird Mathematics, ALEKS, Wonders, Open Court Reading, Achieve3000 Math, Achieve3000 Literacy with Boost (formerly Boost, Access and Espanol), Achieve3000 Literacy Intensive, Smarty Ants, and Actively Learn Prime and Unlimited Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). McGraw Hill engages with subcontractors, such as cloud storage vendors, to assist with providing certain aspects of our platforms to customers. Any such subcontractors are limited to receipt and use of only the personal information required to assist with providing, maintaining, or improving the service, and limited to using the personal information solely for those specific purposes. Our subcontractors are contractually bound to uphold our standards of privacy and data security including the commitments of this MLSA and applicable state and federal law.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ or his▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/her designee.report-improper-disclosure. ERIE 1 BOCES AND NEXTWAVESTEM Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with NextWaveSTEM which governs the availability to Participating Educational Agencies of the following Product(s):
1. Grades K-2|Introduction to Robots: What is a Robot?
2. Grades K-2|Introduction to Drones: Take flight!
3. Grades K-2|Introduction to Artificial Intelligence: Lions, and Tigers, and AI!
4. Grades 3-5|Discovery of Robots: Coding mBot
5. Grades 3-5|Discovery of Unmanned Aviation 6. Grades 3-5|Discovery of 3D Design Using Tinkercad
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data- privacy-security/report-improper-disclosure. ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇▇▇ Printed Name Head of Engineering Title 9/19/2024 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Kialo GmbH which governs the availability to Participating Educational Agencies of the following Product(s): Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Kialo GmbH which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). • Only disclosing Protected Data to subcontractors who need access in order to provide the Services and such disclosure shall be limited to the extent necessary to provide such Services. Vendor shall ensure that all such employees and subcontractors comply with the terms of this Agreement. • Ensuring that each subcontractor with access to Protected Data is contractually bound by a written agreement that includes confidentiality and data security obligations equivalent to, consistent with, and no less protective than, those found in this Agreement. • Examining the data security and privacy measures of its subcontractors prior to utilizing the subcontractor. If at any point a subcontractor fails to materially comply with the requirements of this Agreement, Vendor shall: notify the EA and remove such subcontractor’s access to PII; and, as applicable, retrieve all Protected Data received or stored by such subcontractor and/or ensure that such data has been securely deleted and destroyed in accordance with this Agreement. In the event there is an incident in which the subcontractor compromises Protected Data, Vendor shall follow the Data Breach reporting requirements set forth herein.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any confirmed breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed confirmation of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇the Data Privacy Officer, ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling (▇▇▇-) ▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇the Data Privacy Officer, ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇the Data Privacy Officer, ▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
(e) Except as otherwise required by law or agreed in writing between the parties and excluding Student Data or any other data that belongs to the District, all information provided by Vendor to the District pursuant to this Agreement shall be treated as Vendor’s confidential information. The District agrees that it will disclose such information only to such parties that the District determines are necessary to assist it in its review and require such parties to enter into non-disclosure agreements or otherwise agree in writing to maintain its confidentiality. To the extent permitted by law, the District will withhold such information from public disclosure.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other RIC or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. Signature Printed Name ▇▇▇▇▇▇ ▇▇▇▇▇ ERIE 1 BOCES AND [ LINKIT!] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with [LinkIt!] which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). Oversight of Subcontractors: In the event that Vendor engages subcontractors, assignees, or other authorized agents to perform one or more of its obligations under the MLSA (including any hosting service provider), it will require those to whom it discloses Protected Data to execute legally binding agreements acknowledging the obligation under Section 2-d of the New York State Education Law to comply with the same data security and privacy standards required of Vendor under the MLSA and applicable state and federal law. Vendor will ensure that such subcontractors, assignees, or other authorized agents abide by the provisions of these agreements by: Vendors that receive PII will address statutory and regulatory data privacy and security requirements. Additional information on subscontractors can be found in “Supply Chain Risk Management” section of the Data Security and Privacy Plan on page 23.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning Protection Officer, directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇.▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) To the extent legally permissible, Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ , Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ , Data Protection Officer or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will Learning Ally Inc. shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor Learning Ally Inc. has discovered or been informed of the breach or unauthorized release.
(b) Vendor Learning Ally Inc. will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor Learning Ally Inc. will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor Learning Ally Inc. discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor Learning Ally Inc. has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor Learning Ally Inc. representatives who can assist affected individuals that may have additional questions.
(d) Vendor Learning Ally Inc. acknowledges that upon initial notification from VendorLearning Ally Inc., the DistrictErie 1 BOCES, as the educational agency with which Vendor Learning Ally Inc. contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees Learning Ally Inc. shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor Learning Ally Inc. directly or requests more information from Vendor Learning Ally Inc. regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor Learning Ally Inc. will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Learning Ally Inc. will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ or his/her designee▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data- privacy-security/report-improper-disclosure. ▇▇▇ ▇▇▇▇ SVP Global Controller 5/28/2024 ERIE 1 BOCES AND NEARPOD, LLC Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) Nearpod, LLC which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). York State Education Law to comply with the same data security and privacy standards required of Vendor under the MLSA and applicable state and federal law. Vendor will ensure that such subcontractors, assignees, or other authorized agents abide by the provisions of these agreements by: Nearpod shall ensure that a contract is in place between it and any third- party entity or agent that participates in an onward transfer of personally identifiable information. The contracts specify that such personally identifiable information may only be processed for limited and specified purposes consistent with the consent provided by the individual, applicable laws, and that the recipient will provide the same level of protection as stated in the Principles’ agreement. Nearpod remains liable for the acts and omissions of its third-party agents.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. 5/22/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Curriculum Associates, LLC which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). • The MLSA commences on July 1, 2023 and expires on June 30, 2026. • Upon expiration of the MLSA without renewal and written request by Erie 1 BOCES, or upon termination of the MLSA prior to expiration and written request by Erie 1 BOCES, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data with the exception of backups, which are automatically deleted over time in accordance with Vendor’s data retention and destruction policies. If requested in writing by Erie 1 BOCES and/or any Participating Educational Agency, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency, with the exception of backups as noted above. • In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), the Vendor will cooperate with Erie 1 BOCES as necessary to transition Protected Data to the successor Vendor prior to deletion. • Neither Vendor nor any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide Erie 1 BOCES with a certification from an appropriate officer that these requirements have been satisfied in full.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating
(d) Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(de) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(f) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. DocuSign Envelope ID: 8AEE851D-50B6-4627-A53A-04C13063DCE9 ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ or his▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/her designeereport-improper-disclosure.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other RIC or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy- security/report-improper-disclosure. _Molly ▇. ▇▇▇▇▇▇▇/ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇ III Printed Name 5/15/2023 ERIE 1 BOCES AND LINSTAR, INC. Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. DocuSign Envelope ID: FAA531A2-A6CC-435C-809E-A4ECFBCEEF44 ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report- improper-disclosure. ▇▇▇ ▇▇▇▇▇ Printed Name Vice President Title 4/18/2024 DocuSign Envelope ID: FAA531A2-A6CC-435C-809E-A4ECFBCEEF44 ERIE 1 BOCES AND [DELTAMATH SOLUTIONS INC.] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with [DeltaMath Solutions Inc.] which governs the availability to Participating Educational Agencies of the following Product(s): [DeltaMath PLUS or hisINTEGRAL site licenses] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with [DeltaMath Solutions Inc. ] which governs the availability to Participating Educational Agencies of the following Product(s): [DeltaMath PLUS or INTEGRAL site licenses ] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). Please see the following excerpt(s) from our Vendor Management Policy: Third party relationships must be managed by contracts (supplier agreements). These contracts that include the exchange of confidential data must require confidentiality and non-disclosure agreements (NDA) to be executed by the vendor, and shall identify applicable security policies and procedures to which the vendor is subjected, where applicable. Contracts should have standard wording, where there is not a standard MSA or license agreement, and must clearly identify security reporting requirements that stipulate that the vendor is responsible for maintaining the security of confidential data, under their control. In the event of a breach of the security of the DeltaMath ’s confidential data, the vendor is responsible for notifying DeltaMath regarding incident details, recovery and remediation. This may also be executed via a Data Processing Agreement (DPA). Third party access to DeltaMath information shall be granted only after authorization and signing the applicable agreements/her designeecontracts.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the DocuSign Envelope ID: E1A65C28-CCD7-4409-A10A-EADA91528E55 incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. DocuSign Envelope ID: E1A65C28-CCD7-4409-A10A-EADA91528E55 Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. DocuSign Envelope ID: E1A65C28-CCD7-4409-A10A-EADA91528E55 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with [Frontline Technologies Group, LLC which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ _Chief accounting officer 8/2/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with PowerSchool Group, LLC which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). Vendor-Data Subprocessing 1 Erie 1 BOCES authorizes Vendor to appoint Vendor-data subprocessors in accordance with this subsection and the MLSA. 2 Vendor will enter into written agreements (“Vendor-Data Subprocessor Agreement”) whereby Vendor-Data Subprocessors agree to secure and protect Protected Data in a manner consistent with the terms of this DPA and the MLSA.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will ALLDATA shall promptly notify the District BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor ALLDATA has discovered or been informed of the breach or unauthorized release.
(b) Vendor ALLDATA will provide such notification to the District BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇.▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling (▇▇▇) ▇▇▇-▇▇▇-▇▇▇▇▇ (office).
(c) Vendor ALLDATA will cooperate with the District ▇▇▇▇▇ and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the General Counsel or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor ALLDATA discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor ALLDATA has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor ALLDATA representatives who can assist affected individuals that may have additional questions.
(d) Vendor ALLDATA acknowledges that upon initial notification from VendorALLDATA, the DistrictBOCES, as the educational agency with which Vendor ALLDATA contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees ALLDATA shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor ALLDATA directly or requests more information from Vendor ALLDATA regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇, ALLDATA will promptly inform General Counsel or designees.
(e) ALLDATA will consult directly with General Counsel or designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Exhibit (continued) Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law Section 2-d. To further these goals, ▇▇▇▇▇ wishes to inform parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇.▇▇▇▇▇.▇▇▇/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints may be directed to the NYS Chief Privacy Officer by writing to the New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be directed to the Chief Privacy Officer via email at: ▇▇▇@▇▇▇▇.▇▇▇▇▇.▇▇▇. _H__e__a_t__h_e__r__B__e_h__r_m___a_n_______ Exhibit (continued) BOCES has entered into An Agreement (“AGREEMENT”) with ALLDATA (“ALLDATA”), which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the AGREEMENT, Participating Educational Agencies may provide to ALLDATA, and ALLDATA will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). The exclusive purpose for which ALLDATA is being provided access to Protected Data is to provide Participating Educational Agencies with the functionality of the Product(s) listed above. ALLDATA agrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by ALLDATA, or any of ALLDATA’s subcontractors, assignees, or other authorized agents, will not be sold, or released or used for any commercial or marketing purposes.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but Docusign Envelope ID: C493488B-3110-4053-A976-C635AFFEE5AE no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Docusign Envelope ID: C493488B-3110-4053-A976-C635AFFEE5AE ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ or his/her designee▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) E x c l u d ing b r eac h e s attr ib u tab l e t o B OCE S , Vendor will shall promptly notify the District BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇the BOCES Data Protection Officer, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District ▇▇▇▇▇ and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the Data Protection Officer (DPO) or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictBOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District▇▇▇▇▇, Vendor will promptly inform the Data Protection Officer or designees.
(e) Vendor will consult directly with the Data Protection Officer or designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. _P_r_e_s_i_d_e_n__t____________________ _1_2_-_3_1__-2__0_2_0___________________ Date Albany-Schoharie-Schenectady-Saratoga BOCES (BOCES) is committed to protecting the privacy and security of personally identifiable information about students who attend BOCES instructional programs in accordance with applicable law, including New York State Education Law Section 2-d. To further these goals, ▇▇▇▇▇ wishes to inform parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child’s education record, including any student data maintained by the Capital Region BOCES. This right of inspection of records is consistent with the federal Family Educational Rights and Privacy Act (FERPA). Under the more recently adopted regulations (Education Law §2-d), the rights of inspection are extended to include data, meaning parents have the right to inspect or receive copies of any data in their child’s educational record. The New York State Education Department (SED) will develop further policies and procedures related to these rights in the future. Requests to inspect and review a child’s education record should be directed to: Data Protection Officer, ▇▇▇@▇▇▇▇▇.▇▇▇, ▇▇▇ ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇ ▇▇▇▇, ▇▇▇▇▇▇, ▇▇ ▇▇▇▇▇.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇.▇▇▇▇▇.▇▇▇/irs/sirs/documentation/NYSEDstudentData.xlsx, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints may be directed to the NYS Chief Privacy Officer by writing to the New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be directed to the Chief Privacy Officer via email at: ▇▇▇@▇▇▇▇.▇▇▇▇▇.▇▇▇. _P_r_e_s_i_d_e_n__t____________________ _1_2_-_3_1__-2__0_2_0___________________ Date BOCES has entered into An Agreement (“AGREEMENT”) with Vendor (“Vendor”), which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the AGREEMENT, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). To buy, create, store, assign, and record student progress on (optional) Boom Cards cloud-resident instructional materials. Vendor agrees that it will not use the Protected Data for any other purposes not explicitly authorized in the AGREEMENT. Protected Data received by Vendor, or any of Vendor’s subcontractors, assignees, or other authorized agents, will not be sold, or released or used for any commercial or marketing purposes.
Appears in 1 contract
Sources: Data Privacy Agreement
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. _Lainey ▇▇▇▇▇▇ _CEO 4/27/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Tools for Schools, Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor Quizizz will promptly notify the School or District of any breach or unauthorized release of Protected Data it has received from the School or District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor ▇▇▇▇▇▇▇ has discovered or been informed of the breach or unauthorized release.
(b) Vendor Quizizz will provide such notification to the School or District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇▇ .
(c) Vendor Quizizz will cooperate with the School or District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the School or his/her designee District about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor ▇▇▇▇▇▇▇ discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, if a District, instead of one school, the schools within the District affected, what the Vendor Quizizz has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor Quizizz representatives who can assist affected individuals that may have additional questions.
(d) Vendor ▇▇▇▇▇▇▇ acknowledges that upon initial notification from VendorQuizizz, the School or District, as the educational agency with which Vendor ▇▇▇▇▇▇▇ contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor ▇▇▇▇▇▇▇ agrees not to provide this notification to the CPO directly unless requested by the School or District or otherwise required by law. In the event the CPO contacts Vendor ▇▇▇▇▇▇▇ directly or requests more information from Vendor ▇▇▇▇▇▇▇ regarding the incident after having been initially informed of the incident by the School or District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ will promptly inform the School or his/her designeeDistrict.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited limit- ed to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable in- formation involved, an estimate of the number of records affected, the schools within the District Participating Edu- cational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Pro- tected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purpos- es.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇- ▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Com- plaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-dis- closure. ERIE 1 BOCES AND [PARENTSQUARE] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Par- entSquare which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the DocuSign Envelope ID: D775A58B-8273-40AA-B979-BD2F8E905109 incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. DocuSign Envelope ID: D775A58B-8273-40AA-B979-BD2F8E905109 Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. BY THE VENDOR: _Severine Vieux Printed Name 5/18/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Nearpod Inc. which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. DocuSign Envelope ID: 3AE48840-8B92-4266-8006-8B84B5A6EEA0 DocuSign Envelope ID: 3AE48840-8B92-4266-8006-8B84B5A6EEA0 ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data- privacy-security/report-improper-disclosure. ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ President 5/15/2024 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Code.orgwhich governs the availability to Participating Educational Agencies of the following Product(s): The ▇▇▇▇.▇▇▇ online curriculum and learning platform for students to learn coding and computer science. Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). Oversight of Subcontractors: In the event that Vendor engages subcontractors, assignees, or other authorized agents to perform one or more of its obligations under the MLSA (including any hosting service provider), it will require those to whom it discloses Protected Data to execute legally binding agreements to comply with data security and privacy standards equivalent to, consistent with, and no less protective than, those required of Vendor under the MLSA and applicable state and federal law. Vendor will ensure that such subcontractors, assignees, or other authorized agents abide by the provisions of these agreements by periodically updating and assessing compliance with those agreements.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven ten (710) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting the Data Privacy Officer, ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ -▇▇▇▇▇▇, Director for Data Privacy & Professional Learning ▇ directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to the Data Privacy Officer, ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ -▇▇▇▇▇▇ or his/her designee about the incident, to the extent the information is available, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the ofthe incident, a description of the types of Protected Data involved, an estimate of the number of records affected, ,the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the stopthe breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform the Data Privacy Officer, ▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ -▇▇▇▇▇▇ or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. PARENTS BILL OF RIGHTS FOR DATA PRIVACY AND SECURITY Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ or his▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/her designee.report-improper-disclosure. ▇▇▇▇▇▇ ▇▇▇▇▇ CRO 7/14/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Hello World CS which governs the availability to Participating Educational Agencies of the following Product(s):
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District PNW BOCES of any breach or unauthorized release of Protected Data it has received from the District PNW BOCES and/or its affiliates in the most expedient way possible and without unreasonable delay, but no more than seven ten (710) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District PNW BOCES by contacting the Data Protection Officer, ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇, ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District PNW BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the Data Protection Officer or his/her designee about the incident, to the extent the information is available, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within PNW BOCES affected and/or the District affiliates of PNW BOCES whose data has been affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictPNW BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Protection Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District PNW BOCES or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictPNW BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the Data Protection Officer or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any confirmed breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of confirmed the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting contacting: ▇▇. ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will reasonably cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Arlington Central School District Contact or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of confirmed the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ [Arlington Central School District Contact] or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ or his▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/her designee.report-improper-disclosure. ▇▇▇▇ ▇▇▇▇▇▇▇▇ Printed Name Chief Financial Officer Title 5/23/2023
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting contacting: ▇▇. ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇▇ Data Privacy Officer Arlington Central School District ▇▇▇ ▇▇▇▇ ▇▇▇▇ Road LaGrangeville, Director for Data Privacy & Professional Learning directly by NY 12540 or via email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇.▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Arlington Central School District Contact or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ [Arlington Central School District Contact] or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇the District’s Data Privacy Officer, ▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling phone at ▇▇▇-.▇▇▇-.▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the District’s Data Privacy Officer or his/his or her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that who may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“"CPO”"). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the District’s Data Privacy Officer or his/his or her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. 6/24/2023 ERIE 1 BOCES AND [Small Factory Innovations, Inc. ] Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with [Small Factory Innovations, Inc. ] which governs the availability to Participating Educational Agencies of the following Product(s): [SILAS] Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. ERIE 1 BOCES AND BLOCKSCAD INC Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with BlocksCAD Inc which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). • The MLSA commences on January 15, 2023 and expires on June 30, 2026. • Upon expiration of the MLSA without renewal, or upon termination of the MLSA prior to expiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. If requested by Erie 1 BOCES and/or any Participating Educational Agency, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. • In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), the Vendor will cooperate with Erie 1 BOCES as necessary to transition Protected Data to the successor Vendor prior to deletion. • Neither Vendor nor any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide Erie 1 BOCES with a certification from an appropriate officer that these requirements have been satisfied in full. BlocksCAD knows that privacy is important to you - it's important to us, too. We wrote this Privacy Policy to explain what information we collect through our website (▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇) (the "Site"), how we use, process, and share it, and what we're doing to keep it safe. It also tells you about your rights and choices with respect to your information, and how you can contact us if you have any questions or concerns.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. ▇▇▇▇▇ ▇▇▇▇▇▇ VP & Senior Counsel 4/26/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Savvas Learning Company LLC which governs the availability to Participating Educational Agencies of the following Product(s): iLit SuccessMaker enVision Math Investigations Elevate Science ▇▇▇▇▇▇ & ▇▇▇▇▇▇ Biology Experience Chemistry Experience Physics Environmental Science myView Literacy MiVision Lectura Words Their Way Classroom Palabras myPerspectives D'Nealian Handwriting Elementary Social Studies American History World History myWorld Interactive Geography Imagine United States History Imagine World History Silver ▇▇▇▇▇▇▇ Interactive Music Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning DataProtection Officer, directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-- ▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ , Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involvedDatainvolved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor ƚƵƌŶ ŶŽƚŝĨLJ ƚŚĞ ŚŝĞĨ WƌŝǀĂĐLJ KĨĨŝĐĞƌVe ndŝorŶ ƚŚĞ agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the ofthe incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ , Data Protection Officer or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇EAST ROCHESTER SCHOOL DISTRICT DATA PROTECTION OFFICER’S NAME AND CONTACT INFORMATION].
(c) Vendor will cooperate with the District and provide as much information as is reasonably possible and appropriate directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the Data Protection Officer or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ the Data Protection Officer or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at ▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇.
(c) Vendor will cooperate with the District and provide as much information as reasonably possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES and Participating Educational Agencies in writing of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the determined athe breach or unauthorized releaserelease has occured.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (716) ▇▇▇@- ▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ▇▇▇-▇▇▇-▇▇▇▇(cell).
(c) Vendor will cooperate with Erie 1 BOCES and the District impacted Participating Educational Agencies, and will also provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇- ▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ or his/her designee▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will promptly notify the District of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized releaserelease and the number and names of schools and students affected.
(b) Vendor will provide such notification to the District by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, Director for Data Privacy & Professional Learning directly by email at [▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇@▇▇▇▇▇.▇▇▇▇▇.▇▇▇ ] or by calling ▇▇▇-▇ ▇▇▇-▇▇▇▇.]
(c) Vendor will cooperate with the District and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the District, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees not to provide this notification to the CPO directly unless requested by the District or otherwise required by law. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the District, Vendor will promptly inform ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇ or his/her designee.
(e) Vendor shall have no civil or monetary liability hereunder or under any applicable federal or New York law in the event of any breach of Vendor systems which results in the disclosure or use or unauthorized access, use or distribution of Protected Data caused by the actions or omissions of an employee or third-party agent of District or the State of New York.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/report-improper-disclosure. Signature Jordan Mask Printed Name Account & Finance Manager 5/9/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with HIGH SCHOOL E-SPORTS LEAGUE, INC. which governs the availability to Participating Educational Agencies of the following Product(s): High School Esports League and Middle School Esports League tournaments and tournament services and the Gaming Concepts educational resources Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or his/her designeeteachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”).
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description and and Microsoft will promptly and without undue delay (1) notify Customer of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data involved, an estimate of the number of records affected, the schools within the District affected, what the Vendor has done or plans to do to Security Incident; (2) investigate the incident, stop Security Incident and provide Customer with detailed information about the breach Security Incident; (3) take reasonable steps to mitigate the effects and mitigate to minimize any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questionsdamage resulting from the Security Incident.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇- ▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. ERIE 1 BOCES Erie 1 BOCES is committed to protecting the privacy and security of personally identifiable information about students who attend Erie 1 BOCES instructional programs in accordance with applicable law, including New York State Education Law Section 2-d. To further these goals, Erie 1 BOCES wished to inform parents of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room ▇▇▇ ▇▇▇, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy- security/report-improper-disclosure. ERIE 1 BOCES AND MICROSOFT Erie 1 BOCES has entered into a Campus and School Agreement (“Agreement”) with [MICROSOFT] which governs the availability to Participating Educational Agencies of the following Product(s):
(3) except as expressly defined in the licensing terms for the corresponding service, any other separately-branded service made available with or hisconnected to Dynamics 365 Core Services. Office 365 Services The following services, each as a standalone service or as included in an Office 365-branded plan or suite: Compliance Manager, Customer Lockbox, Exchange Online Archiving, Exchange Online Protection, Exchange Online, Microsoft Bookings, Microsoft Forms, Microsoft MyAnalytics, Microsoft Planner, Microsoft StaffHub, Microsoft Stream, Microsoft Teams (including Bookings, Lists, and Shifts), Microsoft To-Do, Office 365 Advanced Threat Protection, Office 365 Video, Office for the web, OneDrive for Business, Project (except Roadmap and Project for the web), SharePoint Online, Skype for Business Online, Sway, Whiteboard, Yammer Enterprise and, for Kaizala Pro, Customer’s organizational groups managed through the admin portal and chats between two members of Customer’s organization. Office 365 Services do not include Office 365 ProPlus, any portion of PSTN Services that operate outside of Microsoft’s control, any client software, or any separately branded service made available with an Office 365-branded plan or suite, such as a Bing or a service branded “for Office 365.” Microsoft Azure Core Services API Management, App Service (API Apps, Logic Apps, Mobile Apps, Web Apps), Application Gateway, Application Insights, Automation, Azure Active Directory, Azure Cache for Redis, Azure Container Registry (ACR), Azure Container Service, Azure Cosmos DB (formerly DocumentDB), Azure Database for MySQL, Azure Database for PostgreSQL, Azure Databricks, Azure DevOps Services, Azure DevTest Labs, Azure DNS, Azure Information Protection (including Azure Rights Management), Azure Kubernetes Service, Azure NetApp Files, Azure Resource Manager, Azure Search, Backup, Batch, BizTalk Services, Cloud Services, Computer Vision, Content Moderator, Data Catalog, Data Factory, Data Lake Analytics, Data Lake Store, Event Hubs, Express Route, Face, Functions, HDInsight, Import/her designeeExport, IoT Hub, Key Vault, Load Balancer, Log Analytics (formerly Operational Insights), Azure Machine Learning Studio, Media Services, Microsoft Azure Portal, Multi-Factor Authentication, Notification Hubs, Power BI Embedded, QnA Maker, Scheduler, Security Center, Service Bus, Service Fabric, Site Recovery, SQL Data Warehouse, SQL Database, SQL Server Stretch Database, Storage, StorSimple, Stream Analytics, Text Analytics, Traffic Manager, Virtual Machines, Virtual Machine Scale Sets, Virtual Network, and VPN Gateway Microsoft Cloud App Security The cloud service portion of Microsoft Cloud App Security. Microsoft Intune Online Services The cloud service portion of Microsoft Intune such as the Microsoft Intune Add-on Product or a management service provided by Microsoft Intune such as Mobile Device Management for Office 365. Microsoft Power Platform Core Services The following services, each as a standalone service or as included in an Office 365 or Microsoft Dynamics 365 branded plan or suite: Microsoft Power BI, Microsoft Power Apps, and Microsoft Power Automate. Microsoft Power Platform Core Services do not include any client software, including but not limited to Power BI Report Server, the Power BI, PowerApps or Microsoft Power Automate mobile applications, Power BI Desktop, or Power Apps Studio. Microsoft Defender Advanced Threat Protection Services The following cloud service portions of Microsoft Defender Advanced Threat Protection: Attack Surface Reduction, Next Generation Protection, Endpoint Detection & Response, Auto Investigation & Remediation, Threat & Vulnerability Management, SmartScreen. Pursuant to the Agreement, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or teachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). abide by the provisions of these agreements and is responsible for their performance under the agreement.
Appears in 1 contract
Notification of ▇▇▇▇▇▇ and Unauthorized Release. (a) Vendor will shall promptly notify the District Erie 1 BOCES of any breach or unauthorized release of Protected Data it has received from the District in the most expedient way possible and without unreasonable delay, but no more than seven (7) calendar days after Vendor has discovered or been informed of the breach or unauthorized release.
(b) Vendor will provide such notification to the District Erie 1 BOCES by contacting ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇, Director for Data Privacy & Professional Learning ▇▇▇ directly by email at ▇▇▇▇▇@▇▇▇.▇▇▇, or by calling (▇▇▇) ▇▇▇-▇▇▇▇ (office) or (▇▇▇@▇▇▇▇▇▇▇▇▇▇.▇▇▇ or by calling ) ▇▇▇-▇▇▇-▇▇▇▇▇ (cell).
(c) Vendor will cooperate with the District Erie 1 BOCES and provide as much information as possible directly to ▇▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or his/her designee about the incident, including but not limited to: a description of the incident, the date of the incident, the date Vendor discovered or was informed of the incident, a description of the types of Protected Data personally identifiable information involved, an estimate of the number of records affected, the schools within the District Participating Educational Agencies affected, what the Vendor has done or plans to do to investigate the incident, stop the breach and mitigate any further unauthorized access or release of Protected Data, and contact information for Vendor representatives who can assist affected individuals that may have additional questions.
(d) Vendor acknowledges that upon initial notification from Vendor, the DistrictErie 1 BOCES, as the educational agency with which Vendor contracts, has an obligation under Section 2-d to in turn notify the Chief Privacy Officer in the New York State Education Department (“CPO”). Vendor agrees shall not to provide this notification to the CPO directly unless requested by the District or otherwise required by lawdirectly. In the event the CPO contacts Vendor directly or requests more information from Vendor regarding the incident after having been initially informed of the incident by the DistrictErie 1 BOCES, Vendor will promptly inform ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees.
(e) Vendor will consult directly with ▇▇▇▇▇▇▇▇ ▇▇▇▇-▇▇▇▇▇ or her designees prior to providing any further notice of the incident (written or otherwise) directly to any other BOCES or Regional Information Center, or any affected Participating Educational Agency. Erie 1 BOCES is committed to protecting the privacy and security of student, teacher, and principal data. In accordance with New York Education Law § 2-d, the BOCES wishes to inform the community of the following:
(1) A student's personally identifiable information cannot be sold or released for any commercial purposes.
(2) Parents have the right to inspect and review the complete contents of their child's education record.
(3) State and federal laws protect the confidentiality of personally identifiable information, and safeguards associated with industry standards and best practices, including but not limited to, encryption, firewalls, and password protection, must be in place when data is stored or transferred.
(4) A complete list of all student data elements collected by the State is available for public review at ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy-security/student-data-inventory, or by writing to the Office of Information & Reporting Services, New York State Education Department, Room 863 EBA, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇.
(5) Parents have the right to have complaints about possible breaches of student data addressed. Complaints should be directed in writing to the Chief Privacy Officer, New York State Education Department, ▇▇ ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇. Complaints may also be submitted using the form available at the following website ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/data-privacy- security/report-improper-disclosure. 5/31/2023 Erie 1 BOCES has entered into a Master License and Service Agreement (“MLSA”) with Passport For Good] which governs the availability to Participating Educational Agencies of the following Product(s): Pursuant to the MLSA, Participating Educational Agencies may provide to Vendor, and Vendor will receive, personally identifiable information about students, or histeachers and principals, that is protected by Section 2-d of the New York State Education Law (“Protected Data”). • The MLSA commences on July 1, 2023 and expires on June 30, 2026. • Upon expiration of the MLSA without renewal, or upon termination of the MLSA prior to expiration, Vendor will securely delete or otherwise destroy any and all Protected Data remaining in the possession of Vendor or its assignees or subcontractors or other authorized persons or entities to whom it has disclosed Protected Data. If requested by Erie 1 BOCES and/or any Participating Educational Agency, Vendor will assist a Participating Educational Agency in exporting all Protected Data previously received back to the Participating Educational Agency for its own use, prior to deletion, in such formats as may be requested by the Participating Educational Agency. • In the event the Master Agreement is assigned to a successor Vendor (to the extent authorized by the Master Agreement), the Vendor will cooperate with Erie 1 BOCES as necessary to transition Protected Data to the successor Vendor prior to deletion. • Neither Vendor nor any of its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data will retain any Protected Data, copies, summaries or extracts of the Protected Data, or any de-identified Protected Data, on any storage medium whatsoever. Upon request, Vendor and/or its subcontractors or other authorized persons or entities to whom it has disclosed Protected Data, as applicable, will provide Erie 1 BOCES with a certification from an appropriate officer that these requirements have been satisfied in full. Data Governance Policy K-12 Data Retention and Deletion Policy K-12 Data Breach Policy K-12 ▇▇▇ ▇▇▇▇▇▇▇▇ - ▇▇▇ ▇▇▇▇▇ ▇▇▇▇, ▇▇▇ ▇▇▇▇ ▇▇▇▇▇ (▇▇▇) ▇▇▇-▇▇▇▇ (T) Data governance is an organizational approach to management that is formalized as a set of policies and procedures that encompass the full life cycle of Data, including, PII; from acquisition, to use, to disposal. These rules and policies establish decision rights, as well as the controls that ensure security, accountability, and trustworthiness. Governance is not active day-to- day oversight, but rather a strong foundation for a viable management system. Any governance structure is in place to ▇▇▇▇▇▇ sound policy, clarity of controls, and consistent processes. PFG recognizes its responsibility to protect the privacy and ensure security for all users. PFG has adopted this Data Governance Policy to comply with all applicable laws, rules and regulations. DocuSign Envelope ID: 74A071CB-F62F-4EB8-80D2-72A7CF674110 This policy applies to all employees and consultants of PFG. In accordance with PFG’s policy and procedures, this policy will be reviewed and adjusted on an annual basis or more frequently, as needed. This policy is designed to ensure only authorized disclosure of Data, including, PII as well as establishing best practices around governance. Where PFG uses contractors such as third-party service providers they will be notified of this policy. See the Definitions section of the policies for certain definitional terms used in this policy.
1. PFG restricts access to Data, including, PII to only those who need to know the information in order to process the Data, including, PII for the intended service or provide customer assistance and any such access will be limited to the Data, including, PII necessary for the performance of the operation.
2. PFG will conduct background checks on all PFG employees and consultants who will have access to Data, including, PII as part of the hiring process.
3. Access to Data, including, PII may be revoked by PFG for any reason, including, termination.
4. PFG identifies access to Data, including, PII based on roles and need for access.
5. PFG will protect its Data, including, through security measures. Product Development All For development and customer support Customer Support All For customer support and development Onboarding and Engagement All For onboarding and customer support Business Development All For business development, customer support and engagement Data Owner All For development and control
1. PFG has instituted policies to make sure Data, including, PII are not misused or abused and are used in accordance with all applicable regulations, rules and laws. Data Owners manage Data, including, PII according to this policy and all other applicable policies and practices implemented by PFG.
2. PFG employees and consultants are only allowed to access Data, including, PII for the required performance of their job function/her designeerole and not for any inappropriate purposes.
Appears in 1 contract